Archive for January, 2005

Redhat has really been grating my nerves as of late. Undocumented features that are advertised but unusable, recommended updates that are thoroughly broken, failure to update packages with high-impact problems, and a poor software packaging and distribution policy have me testing other distributions with a goal of taking my business elsewhere.

This heightened level of aggravation with Redhat started with their split from the community version. It should be noted that I think this was a smart business decision for Redhat. There was no way they could continue to have a single distribution that was all things to all people. However (and some of this is coincidental), after that happened, I started having very large problems with the commercial version of Redhat Linux.

I wanted to standardize on the commercial version of Redhat for all of the machines in my department that were running Linux. I also wanted that done so that we wouldn’t go down the road of maintaining more than one distribution as more and more production services were deployed on Linux.

Another part of my goal was to reduce the number of packages we build from source. Building packages from source means that every time the application is updated, we have to build it from source again, and hope it all works. One or two packages isn’t so bad, but we build our SSH server, SSL, print server, database server, web server, PHP, and plenty of other stuff from source. This adds up to a lot of overhead. Some of this is, I believe, historical in nature, so I decided to analyze the actual need for this, and I found some success in one service in particular: CUPS.

The CUPS Print Server Debacle

CUPS is a print server package. The first problem I had with the Redhat version was that the version in the package is almost totally unrelated to the capabilities of the package. What exactly, then, is the purpose of having a version number on the package? That was an annoyance — luckily, the package, as it turns out, came with a copy of the ‘ps2ps’ command that worked as it was supposed to, which is to say that it properly stripped out PJL code from PS files printed from Windows machines. Great news, since we could then retire an aging Perl script we used to do this. Great — we were ready to go into testing.

We (staff) all tested printing against this machine for a couple of weeks. The week before we were to move it into production, we ran ‘up2date’ on the machine, and ‘ps2ps’ broke again. Wonderful. As if that weren’t enough, there’s another problem on that new server that could result in an unintentional DoS. The installed (and running by default) authd daemon is configured with the key “instances” set to “UNLIMITED”. As a result, every time one of our guys who was running a fairly strict firewall tried to connect to the box via SSH, the authd server would spawn hundreds of processes trying to connect back to his machine. This caused the load to immediately spike, and the entire machine became completely unusable. Thanks, Redhat.
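An uncapped “instances” setting like the one described above can be caught by auditing service definitions before a host goes into production. The script below is an added example, not part of the original post: it assumes authd is launched from xinetd, whose `instances` and `per_source` attributes cap process creation, and the sample configuration and the service name `auth-capped` are constructed for illustration.

```python
import re

# Constructed sample in xinetd service-file syntax (not taken from a real host).
# The service name "auth-capped" and the limits chosen are illustrative.
SAMPLE = """\
service auth
{
    disable     = no
    instances   = UNLIMITED
}

service auth-capped
{
    disable     = no
    instances   = 20
    per_source  = 3
    cps         = 25 30
}
"""

BLOCK = re.compile(r"^\s*(service\s+\S+|defaults)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*[-+]?=[ \t]*(.*?)[ \t]*$", re.M)
LIMITS = ("instances", "per_source")

def parse(text):
    """Return {block name: {attribute: value}}, including a 'defaults' block."""
    return {head.split()[-1]: dict(ATTR.findall(body))
            for head, body in BLOCK.findall(text)}

def unbounded(value):
    # No value set anywhere, or the literal UNLIMITED, means no cap is applied.
    return value is None or value.upper() == "UNLIMITED"

def audit(text):
    """Map each enabled service to the process limits it leaves uncapped."""
    blocks = parse(text)
    defaults = blocks.pop("defaults", {})  # inherited by every service
    findings = {}
    for name, attrs in blocks.items():
        if attrs.get("disable", "no").lower() == "yes":
            continue  # a disabled service cannot spawn anything
        open_limits = [k for k in LIMITS
                       if unbounded(attrs.get(k, defaults.get(k)))]
        if open_limits:
            findings[name] = open_limits
    return findings

print(audit(SAMPLE))
```

A service that sets `instances = UNLIMITED` explicitly is still reported when a `defaults` block supplies a cap, because the service-level value overrides the inherited one.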

Lackadaisical

In addition, other machines that were to move into production had also been updated, only to find that the aacraid driver was broken, and they couldn’t boot! The report in bugzilla for the RAID driver resulted in Redhat saying they would release a fix for this in the next kernel package, which would be released the next time a security vulnerability was reported and fixed — they would release them in the same package. I couldn’t believe this, especially since I knew that the biggest server retailers used hardware that required that driver. As a result of this, my machines remained running with a locally-exploitable kernel vulnerability for the sake of a RAID driver. Thanks, Redhat.

Up2Date Rollbacks, or not

This makes for a nice segue into the undocumented-but-advertised features area. After running up2date on these machines and noting their extreme brokenness, I very much wanted to do a rollback on certain packages. I had enabled rollbacks in my up2date configuration, only to find when I actually needed to do one that the process is completely undocumented by Redhat. It would seem antithetical to the cause of releasing a product that is, if nothing else, stable and predictable, to release a package with features enabled that are not only undocumented, but to the best sources my searches could find, are not recommended for production use by Redhat. Unfortunately, I didn’t learn of the issues with rollbacks until I needed to use the feature, at which time I found that the best solution was to scrap rollbacks, save my disk space, and just reinstall the package in question from scratch again. Rollbacks are not a part of a well-balanced administrative policy, as implemented by Redhat.

The most recent update also broke the quota program. The feature that was broken is one that had been noted as being broken several months before the updated release. This was a recommended update from Redhat, and it’s not like just a command line option is broken — the program, as a whole, is unusable. This was in Redhat’s bugzilla in May 2004. How it wound up in an update in December of the same year is beyond me. How it hasn’t been updated since that time is also beyond me. Thanks, Redhat.

New Face, Old Packages, Same Price

Finally, due to Redhat being slow as molasses to implement new, and highly recommended features of software packages, I am forced to completely discount them as a solution for some of the services I’d like to deploy without building from source. My prime example is OpenLDAP. I’ve been trying for way too long to migrate the department from NIS to LDAP for authentication. NIS won’t go away completely, because it’s useful for some things, but we like LDAP for several reasons, and for some things it’s far better than NIS, so we’re moving in this direction.

The current version of OpenLDAP is 2.2.23. The version the Redhat package is based on is 2.0.x. That version of OpenLDAP, if I’m not mistaken, didn’t even fully support LDAPv2, let alone version 3, and used a backend that the OpenLDAP developers have long ago shunned. For some unknown reason that would seem like a whole lot of work, Redhat appears to be applying patches to this old, decrepit version of OpenLDAP and distributing it, presumably with the expectation that someone, somewhere will use it. As far as I know, it is the oldest version of OpenLDAP distributed by default with any Linux distribution. If I use Redhat for this service, I would be forced to build not only OpenLDAP, but the updated version of the Berkeley DB backend that is (for the past ~2 years) the standard OpenLDAP backend recommended by the development team. I’d be doing this by myself, and applying updates by myself, in spite of paying Redhat a yearly fee for updates. Thanks, Redhat.

The Point

The point is, what exactly is my motivation for staying with Redhat? I can’t seem to find one. I still use Fedora Core on things that don’t matter much (when I can get it to work — that distro has plenty of issues of its own), but outside of that, I’m evaluating other options. I’m finding some really nice tools. I’m finding far more up to date software packages. I’m finding much more admin-friendly tools and environments. And I’m finding that Redhat, comparatively speaking, is not a very big deal in the server space. Maybe they started charging for the wrong distribution.

I’m a little pissed. In this Slashdot story, Kevin Foreman, GM of Helix RealNetworks, Inc, states that Real has paid Thomson for the right to legally distribute an mp3 player for the Linux platform. They then include that right at no cost to the users. He goes on to say, and I quote: “…we are glad to do our part of making the Linux desktop a first class citizen by legally providing MP3 playback to users via our new RealPlayer”. I find this really ironic given some things I found on Real’s website…

There are probably 100 mp3 players available for Linux. XMMS, Rhythmbox, JuK, Zinf… the list goes on for days. With the exception of Redhat/Fedora, Linux distributions come with at least three or four different players capable of playing mp3 files. They also come with applications to convert files to mp3, ogg, flac, etc., and rip tracks from a CD in almost any conceivable format. So as far as mp3 support goes, we Linux users didn’t need Real to do us any favors, but thanks all the same.

What Linux is totally missing is support for a music store application. iTunes integrates with the Apple music store, but iTunes doesn’t run on Linux. RealPlayer runs on Linux, but the store part of RealPlayer is nowhere to be found. Perusing the Real website, it seems that in order to use the store, you have to be running “Windows ’98 or better”.

I’ve been writing about this for probably two years now: the RIAA is suing people and trying to steer them toward legal download sites, but none of those sites are accessible to people in any kind of generic way: every site requires one player or another, and the combination of player and store support has yet to make it to Linux. My request is to either offer the file downloads as generic files playable on anything (won’t happen, no DRM control in generic files yet), or make the store available universally on all platforms. This has yet to happen.

Real has absolutely no right to claim that they’re doing anything to make Linux a “first class citizen” on the desktop, given that it’s not even a first class citizen to RealPlayer, Inc itself. That distinction is apparently held only for the platform which has caused RealPlayer nothing but grief for most of its existence: Microsoft Windows — as that is the only platform that is universally supported by every Real product.

There are a great number of people who perceive me to be an anti-Microsoft guy. I guess that’s an easy enough conclusion to come to. In reality, though, I feel like Microsoft has its place in the world like any other OS — it just happens to not be anywhere near anything I’m working with. I’m lucky that way. Others have no choice in what they use – work makes them use Windows. This rant is more for those who have a choice in the matter (home users) and are still using Internet Explorer and/or Outlook.

Here’s the deal: Just because Windows is (allegedly) “easy to use” doesn’t mean that you can regress into a drooling blob of jelly. Microsoft loves that you are as stupid as you are. You probably never read technology news, you never read Slashdot, you never read any site that might give you an alternative view of things, and Microsoft loves that. Why? Because it means you never hear about all the stuff us geeks hear about regarding their products, and stupid end users don’t listen to geeks because geeks mostly just don’t know how to talk to normal people anyway. What are the geeks saying?

Geeks, even ones that work to support Microsoft products, are pleading with people to get the hell away from IE and Outlook/Outlook Express. Why? Because most of the security problems in existence today happen to take advantage of the fact that 90% of the stupid home users use IE and Outlook, and stupid means that you won’t question an attachment from someone you never heard of coming to you in an email written entirely in a language foreign to you, even if the email says “the attached file is a virus, please open it to delete all of your files”. Seems unbelievable, but it’s absolutely true. The goal of a virus writer is to have his virus spread as quickly as possible to as many machines as possible. The best way to do this is to write it to work with a vulnerability in a product that all stupid people use — like Outlook or IE. These apps are rich with vulnerabilities and stupid users. They are, then, the perfect targets.

If you’re thinking “wow, maybe I should stop using IE and Outlook”, you’re only getting half of the point. The rest of the point is that advances in technology which afford you a nicer computing experience do not amount to a justification for having absolutely no clue how what you do on your local machine affects the rest of the Internet (and, by the way, it absolutely does). Educate yourself just a little. Please. Go down to Borders or Barnes & Noble and get a book. They have thousands of them just on computing alone, and there are a great many of them geared towards people just like you. Please do something to help yourself, ‘cos us geeks are ready to give up and stop helping you recover your crap.

As stocking stuffers, my fiance used magazines covering some of my hobbies. Some on woodworking, some on guitar, and some on computers. Since I had some time off, I decided to try to spend some time with my guitar, so I flipped through and found the music to an AC/DC song – “You Shook Me All Night Long” – and since I knew the rhythm part, I decided to try to learn the solo. The result is that I did, and after flipping through and listening to some other stuff and twiddling around, I’m really impressed!

AC/DC doesn’t do anything fancy. Never have. From “Highway to Hell” all the way through “Thunderstruck”, the style has been essentially the same. Hard driving rhythm/riff-rock. The guitars in their songs are so addictive that I never even learned the leads to their songs — just the rhythm parts and main riffs and such. They’re fun songs to play. But if you make a study of the lead stylings of Angus Young, you come away with quite a lot, actually. He does some interesting stuff! He’s got the box-based easy blues styling of Page, the melodic, note-borrowing style of Clapton, but it’s very hard at the same time.

There are a lot of underrated guitarists, ones you don’t see in the guitar magazines a lot because they don’t have a top 40 hit on the radio. Angus Young is one of them. When you do see him in the mags, it’s usually something like “Back in Black” or, indeed, “You Shook Me”. Occasionally you see “Hell’s Bells”. But there’s tons more tasty stuff on just about every AC/DC album in existence. I urge you to check it out and really pay attention to the solo on “You Shook Me”, which is a great learning exercise, complete with string skipping, dramatic position changes, major/minor note flipping, and some of the nicest, most creative phrasing you’re likely to hear in a pure hard rock guitarist. At the same time, this stuff is really actually not hard to play.